Jump to content

alicee

Members
  • Content Count

    11
  • Joined

  • Last visited

About alicee

  • Rank
    New Member
  1. So basically if I keep Malwarebytes Premium along with uBlock Origin I should have much less malvertising, if any? Do you suggest any additional extensions?
  2. Malvertising - I guess there's not much to do against that aside from what you suggested with Adblock Plus? I was concerned that the PUP.Optional.Legacy was causing ALL of the "problems" that I've stated, but apparently it's not always "bad" when that particular PUP shows up? Again, Malwarebytes didn't "catch" it so I felt like perhaps it wasn't as big of a concern but when Adwcleaner picked it up I was concerned... The computer restarts without any warning - most of the time it reboots on it's own as if I restarted it (but didnt!) but occasionally it shuts down completely and does not restart on it's own. I'll be sure to take screenshots of anything that appears from this point forward. I wish I had thought to do that but I always rush in a panic to get it off the screen as fast as I can. Sometimes there's a robotic voice that reads what's on the screen and sometimes not. I'll consider deleting those three programs. If I don't NEED them, then I don't particularly want them, but being a complete novice I don't want to uninstall the wrong program and lead to bigger problems. I don't know if it's true or not, but I read that Wondershare can be malware and perhaps that's what's causing the malvertising? But I don't know? I really appreciate your patience with me!
  3. A warning pops up occasionally with a (presumably) fake Microsoft number, claiming there's a keylogger that can access my bank account information and to call Microsoft right away... it's a bright red screen. I always start the Task Manager to close the browser (appears only in Edge browser). When it happens again I will screenshot it before closing it. My computer restarts ONLY while I'm using it and it's ALWAYS at the worst time such as when I'm typing a document that fortunately can be recovered but odd that it restarts at the worst possible time, several times a day. My homepage gets changed to a different search engine automatically several times a week - SafeSecure I believe or SecureSearch - I'll make sure to screenshot that as well when it happens again... I'm relieved that you don't see any traces of infection however why are there so many "ERRORS" in the log - is that normal? Also I looked at my Programs and there are 3 Programs that I don't know if they should be removed or not - I do not remember installing them but unsure if anything uses them: Ghostscript GPL 8.64 (Msi Setup) Nugster 1.47 Wondershare Helper Compact 2.6.0 I appreciate your help and would like to Donate for the time that you've spent helping me.
  4. Thank you for the great instructions, I'm looking forward to your response....
  5. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018 Ran by Corley (17-03-2018 11:56:17) Running from C:\Users\Corley\Desktop Windows 10 Home Version 1709 16299.309 (X64) (2017-12-01 03:39:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1307472328-3275292372-1442106660-500 - Administrator - Disabled) Corley (S-1-5-21-1307472328-3275292372-1442106660-1001 - Administrator - Enabled) => C:\Users\Corley DefaultAccount (S-1-5-21-1307472328-3275292372-1442106660-503 - Limited - Disabled) Guest (S-1-5-21-1307472328-3275292372-1442106660-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-1307472328-3275292372-1442106660-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{636C397D-3A6D-BB86-22E8-39451D079E76}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.) Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.) Avery Design & Print (HKLM-x32\...\Avery Design & Print 3.0.2) (Version: 3.0.2 - Avery Products Corporation) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Corel Graphics - Windows Shell Extension (HKLM\...\_{C7C5C180-248D-4CF4-8636-4568DE8EDC3B}) (Version: 19.1.0.419 - Corel Corporation) Corel Graphics - Windows Shell Extension (HKLM\...\{C7C5C180-248D-4CF4-8636-4568DE8EDC3B}) (Version: 19.1.419 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{58EA2241-5840-4C95-A5A5-82FD2F037D72}) (Version: 19.1.419 - Corel Corporation) Hidden Corel Painter 2018 - EN (HKLM\...\{DE7A8D8C-B182-4D28-A996-BD339EF7DEBD}) (Version: 18.1 - Corel Corporation) Hidden Corel Painter Thumbnail Previewer (HKLM\...\{50139369-99B2-496A-8726-D3DC5D6D4235}) (Version: 18.0 - Corel Corporation) Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.02.0716 - Lenovo) Dropbox (HKLM-x32\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.162 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo) Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo) Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.) Hidden Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5320.55 - CyberLink Corp.) Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo) Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.) Hidden Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.4212 - CyberLink Corp.) Lenovo Solution Center (HKLM\...\{558E50EE-5E2D-479A-A455-8A826191583B}) (Version: 3.3.004.00 - Lenovo) Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes) Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo) McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R8 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.) Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation) nugster 1.47 (HKLM\...\nugster) (Version: 1.47 - Nugs, Inc.) OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC) REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo) REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.868.060315 - REALTEK Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.) SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Windows Driver Package - Genesys Logic (GeneStor) USB (07/13/2015 4.5.0.6) (HKLM\...\AE2E6FAB44844413B4C6F53C908EACC8AFC838F0) (Version: 07/13/2015 4.5.0.6 - Genesys Logic) Windows Driver Package - Realtek (rt640x64) Net (05/05/2015 10.001.0505.2015) (HKLM\...\6A304520C2F25CD034E477A379C47308AA84A2DC) (Version: 05/05/2015 10.001.0505.2015 - Realtek) Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth (06/11/2015 1.3.868.3) (HKLM\...\604A7B07184AD24892732BED4543610976632257) (Version: 06/11/2015 1.3.868.3 - Realtek Semiconductor Corp.) Windows Driver Package - Realtek Semiconductor Corp. (RTWlanE) Net (07/09/2015 2023.14.0615.2015) (HKLM\...\5D078DEFD18360A7A64D38392C9F1007DC86AE23) (Version: 07/09/2015 2023.14.0615.2015 - Realtek Semiconductor Corp.) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-07] (Advanced Micro Devices, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-01-25] (McAfee, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01DAC141-3423-4F33-80BF-0FEDFCCF42E1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo) Task: {05F65F79-880F-43AA-8558-4DCFF9B47CC2} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo) Task: {1277F15B-7891-4B20-94D8-A19C1869B44A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-08-24] (Lenovo) Task: {1ADF2618-1B9A-4B6F-9EE5-14953E8EA1BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {1ED51F65-E8E0-4F4F-A569-4EA25A284FB3} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo) Task: {2E44E269-2419-4C64-82F4-D2ED3B31C0CE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9c10b7cf-dbc1-49f0-91f7-8a69ea83030a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited) Task: {3487FC48-FD2F-4CB8-BAA5-E8BA30293D01} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {3DB26126-BB15-4FF9-B229-3967443F1214} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {4049651A-4D30-4740-B17E-102D31F0E2DA} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-01-03] (McAfee, Inc.) Task: {51D97A9E-1E5E-42AD-8757-6857FB99784B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-04] (Dropbox, Inc.) Task: {59BDBD30-80E8-4E76-B66E-5B67738CF720} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-03-02] (Lenovo Group Limited) Task: {5F6D7120-19D5-4F66-9002-C448D2007AA9} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.) Task: {76BF5778-42F5-4DDE-8821-B3A750D8A6F5} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-10-04] (McAfee, Inc.) Task: {7D48B7EB-6C7A-415C-BA68-79F471FA9B0B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2016-01-12] (Lenovo) Task: {877C5E19-76CF-43E5-9216-6FE7FC993E51} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-08-24] () Task: {8AA51AC2-1E2F-46ED-A074-73003FCE8F2E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.) Task: {8D086B38-F625-44E8-A3E1-8C557BFF2391} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2f1729d9-1861-41e5-81d5-1d61b4b95159 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited) Task: {8EC745A8-90D4-4F08-8FA9-E55CD7CB8E8A} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2017-12-12] (McAfee, Inc.) Task: {8ECC11CA-4C2E-4E2B-BEB2-EC074B0300A1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {928A88AF-3CE8-4757-AC04-F232F695B044} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService Task: {9BBEB0A5-019B-47D9-8967-476AB0CD9872} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\69cfe95a-84ab-482f-969c-9e8b26e50e30 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited) Task: {9DCA2EE1-4AF3-4B47-9FBE-1FD08450212E} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {9F4619DF-8E89-4482-BCCB-5154BDE04D26} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-bacbc@live.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated) Task: {ADDB5F56-7DB0-4B75-BE8C-938DF5AC56B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0e73b64e-7e12-406b-a9bf-4b2f4b92663f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-03-02] (Lenovo Group Limited) Task: {B07B877D-A2AE-48B7-AE32-28B30DF4D431} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.) Task: {BD088AA6-DCEF-4C82-947B-0113B18DE359} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-03-14] (Microsoft Corporation) Task: {D644F850-B2DA-4FF3-B687-82D3E3030040} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.) Task: {D86CF71E-5CAF-484C-AE34-C55B3423E644} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-05-20] (CyberLink Corp.) Task: {D88358DA-D98F-475B-966C-C2EEEB808F51} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo) Task: {DE23472B-A5CC-411F-944E-0C60411CBA31} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-04] (Dropbox, Inc.) Task: {F7BA9D9F-562D-4D74-B7D8-2DAAB9693CCB} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {FAECD5F2-9E23-4340-953A-9B9411536739} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-08-24] (Lenovo) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-09-01 21:01 - 2011-08-16 22:46 - 000032768 _____ () C:\Windows\jmesoft\Service.exe 2018-03-15 13:23 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-03-15 13:23 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-06-28 16:04 - 2018-01-05 18:39 - 001707032 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll 2017-06-28 16:04 - 2018-01-05 18:39 - 000572776 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll 2016-01-15 16:24 - 2016-01-15 16:24 - 000043976 _____ () C:\Program Files\Lenovo\QuickOptimizer\LNBPrismAssistInf.dll 2018-03-14 10:46 - 2018-02-21 19:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-03-14 10:47 - 2018-02-21 19:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-09-01 20:58 - 2015-07-15 05:54 - 000053832 _____ () C:\Windows\SysWOW64\UMonit64.exe 2018-01-22 04:15 - 2018-01-22 04:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-01-22 04:15 - 2018-01-22 04:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-03-16 10:15 - 2018-03-16 10:15 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2018-03-16 10:15 - 2018-03-16 10:15 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2018-03-16 10:15 - 2018-03-16 10:15 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2018-03-16 10:15 - 2018-03-16 10:15 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll 2018-03-16 10:15 - 2018-03-16 10:15 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-03-15 12:32 - 2018-03-12 19:39 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\libglesv2.dll 2018-03-15 12:32 - 2018-03-12 19:39 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\libegl.dll 2018-03-16 14:23 - 2018-03-15 06:50 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2018-03-16 14:23 - 2018-03-15 06:50 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2016-05-04 19:28 - 2018-03-15 06:50 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-05-04 19:28 - 2018-03-15 06:53 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2018-03-16 14:23 - 2018-03-15 06:50 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2018-03-16 14:23 - 2018-03-15 06:50 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-05-04 19:28 - 2018-03-15 06:50 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-05 13:22 - 2018-03-15 06:53 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2018-03-16 14:23 - 2018-03-15 06:50 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2018-03-16 14:23 - 2018-03-15 06:50 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-05-04 19:28 - 2018-03-15 06:53 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-08-05 13:22 - 2018-03-15 06:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2017-09-21 15:11 - 2018-03-15 06:50 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-09-08 12:08 - 2018-03-15 06:53 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd 2017-05-17 14:02 - 2018-03-15 06:53 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-05-04 19:28 - 2018-03-15 06:53 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-02-27 14:19 - 2018-03-15 06:53 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-01-23 17:47 - 2018-03-15 06:53 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2016-05-04 19:28 - 2018-03-15 06:53 - 000087904 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-01-23 17:47 - 2018-03-15 06:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-01-23 17:47 - 2018-03-15 06:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-01-23 17:47 - 2018-03-15 06:53 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-04 19:28 - 2018-03-15 06:50 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000101704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2016-05-04 19:28 - 2018-03-15 06:53 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2018-03-16 14:23 - 2018-03-15 06:50 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2018-03-16 14:23 - 2018-03-15 06:52 - 000032608 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2018-03-16 14:23 - 2018-03-15 06:50 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2018-01-10 16:49 - 2018-03-15 06:53 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-07-11 16:41 - 2018-03-15 06:53 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL 2018-03-16 14:23 - 2018-03-15 06:52 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-08-05 13:22 - 2018-03-15 06:53 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2018-03-16 14:23 - 2018-03-15 06:52 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd 2017-12-19 16:33 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2017-12-19 16:33 - 2017-09-12 11:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 06:04 - 2015-07-10 06:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 69.1.30.42 - 69.1.30.43 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C63DDC2C-5F32-47C3-A174-E18F24E279D0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe FirewallRules: [{E8DDF0BF-B0D6-4492-BBBA-79F920840A36}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe FirewallRules: [{2BA9590D-5403-4EDB-871B-BE686DEA10C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{27487738-FEE7-488B-96DD-640268A4A096}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{79462FF8-E6F2-4AD5-831E-5D6B765FA756}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{EB491267-4CDB-4C13-B861-FDCF8EE528B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E1E0FC61-5DBD-47C8-8CD4-D3D0BDC1615D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{71DF934E-9891-472C-B903-EB680D97313D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{F6A15DD9-5425-4731-9DF9-23B1F979D436}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{DFF573E9-AF86-411F-9D59-A4E716F88822}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D8E2286A-8F96-404A-A726-1B8B650D287B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B7CBAA03-40DD-4FFC-BAD4-3091A9C4333D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{92A6DD2B-7EB9-4923-AD58-712A61626947}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DF007A4E-C3D0-429B-9D9C-D432ED3B4E5B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{8BE0293E-9B51-4954-ACDE-1342916C2916}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{C2FEF171-3086-46A5-9F65-EB347A5827DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{BEB20035-2168-4AED-9A79-A7988BD0730C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 03-03-2018 20:12:57 Scheduled Checkpoint 13-03-2018 11:14:48 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2018 11:31:00 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/17/2018 01:20:55 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/17/2018 01:20:42 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/16/2018 01:07:58 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/16/2018 01:07:42 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/16/2018 01:07:42 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/16/2018 01:01:45 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (03/16/2018 12:59:32 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed System errors: ============= Error: (03/17/2018 11:48:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-HI3JH42) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-HI3JH42\Corley SID (S-1-5-21-1307472328-3275292372-1442106660-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/17/2018 11:38:49 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca Error: (03/17/2018 11:38:47 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca Error: (03/17/2018 11:38:44 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca Error: (03/17/2018 11:38:42 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca Error: (03/17/2018 11:38:39 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca Error: (03/17/2018 11:38:37 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca Error: (03/17/2018 11:38:34 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HI3JH42) Description: Unable to start a DCOM Server: LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2!App.AppXer7ys06va0ca0qdyvkgk274j3p8crk1c.mca as Unavailable/Unavailable. The error: "2" Happened while starting this command: "C:\WINDOWS\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXxr2prr0eys4kmy1behe5nwrq8e78cmhm.mca CodeIntegrity: =================================== Date: 2018-03-17 11:47:46.774 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:47:46.771 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:46:50.592 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:46:50.589 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:39:32.691 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:39:32.687 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:38:58.018 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-03-17 11:38:58.013 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G Percentage of memory in use: 50% Total physical RAM: 7093.18 MB Available physical RAM: 3530.14 MB Total Virtual: 7541.18 MB Available Virtual: 3974.92 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:899.67 GB) (Free:708.23 GB) NTFS ==>[system with boot components (obtained from drive)] \\?\Volume{92bdd0df-4e3e-4023-bb3e-cce98ae1fd2d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 \\?\Volume{1a88f718-4da7-465f-b1a1-0023dd71a27e}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS \\?\Volume{af5a3719-23a7-4db6-988a-d500a46caabb}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:17.6 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 5664B4E4) Partition: GPT. ==================== End of Addition.txt ============================
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018 Ran by Corley (administrator) on DESKTOP-HI3JH42 (17-03-2018 11:54:05) Running from C:\Users\Corley\Desktop Loaded Profiles: Corley (Available Profiles: Corley) Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe () C:\Windows\jmesoft\Service.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (McAfee LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Windows\SysWOW64\UMonit64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-05-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor) HKLM\...\Run: [UMonit] => C:\WINDOWS\SysWOW64\UMonit64.exe [53832 2015-07-15] () HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare) HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation) HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [148480 2017-09-29] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 69.1.30.42 69.1.30.43 Tcpip\..\Interfaces\{12d7a9e8-594c-4768-a734-a523ed16077b}: [DhcpNameServer] 69.1.30.42 69.1.30.43 Tcpip\..\Interfaces\{37faa955-cee5-4c0d-b3f5-663d07242e21}: [DhcpNameServer] 69.1.30.42 69.1.30.43 Tcpip\..\Interfaces\{f9810487-78aa-406c-b16e-902fdb2fd791}: [DhcpNameServer] 69.1.30.42 69.1.30.43 Internet Explorer: ================== HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE HKU\S-1-5-21-1307472328-3275292372-1442106660-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com SearchScopes: HKU\S-1-5-21-1307472328-3275292372-1442106660-1001 -> DefaultScope {5EA387F4-39AF-46C5-A5F8-A4B356A9B1F0} URL = SearchScopes: HKU\S-1-5-21-1307472328-3275292372-1442106660-1001 -> {5EA387F4-39AF-46C5-A5F8-A4B356A9B1F0} URL = BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-06] (Oracle Corporation) BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-06] (Oracle Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-03-12] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] () FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-06] (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default [2018-03-17] CHR Extension: (Slides) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-28] CHR Extension: (YouTube) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-28] CHR Extension: (Chrome IG Story) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-03-14] CHR Extension: (Sheets) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-09] CHR Extension: (Google Docs Offline) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-28] CHR Extension: (SoundCloud Music Downloader) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkbfklckeeonkccgniohmlbjekdmjjg [2017-01-14] CHR Extension: (Chrome Web Store Payments) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-28] CHR Extension: (Chrome Media Router) - C:\Users\Corley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-15] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.) S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-04] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-04] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [526376 2017-10-07] (EasyAntiCheat Ltd) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [File not signed] R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68336 2018-03-02] (Lenovo Group Limited) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed] S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-08-24] (Lenovo) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [697288 2017-12-19] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC) R3 mfevtp; C:\Windows\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.) S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] () R3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GenesysLogic) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-10] (McAfee, Inc.) S3 LTXMD_VAC; C:\WINDOWS\system32\drivers\lmvac.sys [28944 2011-05-06] (Windows (R) Win 7 DDK provider) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-15] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-17] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-17] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-17] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-17] (Malwarebytes) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC) U3 mfeavfk01; no ImagePath S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC) R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek ) R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2016-01-11] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2017-09-29] (Realtek Semiconductor Corporation ) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-03-15] (Zemana Ltd.) S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-17 11:54 - 2018-03-17 11:55 - 000019724 _____ C:\Users\Corley\Desktop\FRST.txt 2018-03-17 11:53 - 2018-03-17 11:54 - 000000000 ____D C:\FRST 2018-03-17 11:52 - 2018-03-17 11:52 - 002403328 _____ (Farbar) C:\Users\Corley\Desktop\FRST64.exe 2018-03-17 11:34 - 2018-03-17 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2018-03-17 11:32 - 2018-03-17 11:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo 2018-03-17 11:31 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll 2018-03-17 10:48 - 2018-03-17 10:48 - 000000000 ___HD C:\OneDriveTemp 2018-03-16 20:58 - 2018-03-16 20:58 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2018-03-16 14:23 - 2018-03-16 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-03-16 01:02 - 2018-03-17 11:31 - 000045960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-03-15 23:56 - 2018-03-15 23:59 - 673333221 _____ (ON1) C:\Users\Corley\Downloads\Unconfirmed 863903.crdownload 2018-03-15 20:08 - 2018-03-15 20:08 - 003412930 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-15T20_08_50-05_00.zip 2018-03-15 17:21 - 2018-03-15 17:21 - 000030628 _____ C:\ProgramData\agent.uninstall.1521152484.bdinstall.bin 2018-03-15 17:18 - 2018-03-15 17:18 - 000094960 _____ C:\ProgramData\cl.1521152248.bdinstall.bin 2018-03-15 17:18 - 2018-03-15 17:18 - 000076696 _____ C:\ProgramData\cl.kit.1521152238.bdinstall.bin 2018-03-15 17:17 - 2018-03-15 17:17 - 000000000 ____D C:\Program Files\Common Files\Bitdefender 2018-03-15 17:14 - 2018-03-15 17:21 - 000000000 ____D C:\Program Files\Bitdefender Agent 2018-03-15 17:14 - 2018-03-15 17:14 - 000049255 _____ C:\ProgramData\agent.1521152080.bdinstall.bin 2018-03-15 17:14 - 2018-03-15 17:14 - 000000000 ____D C:\ProgramData\Bitdefender Agent 2018-03-15 15:24 - 2018-03-17 10:48 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test 2018-03-15 14:06 - 2018-03-17 11:55 - 000058977 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2018-03-15 14:06 - 2018-03-15 14:31 - 000018615 _____ C:\WINDOWS\ZAM.krnl.trace 2018-03-15 14:06 - 2018-03-15 14:31 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2018-03-15 14:06 - 2018-03-15 14:06 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2018-03-15 14:06 - 2018-03-15 14:06 - 000000000 ____D C:\Users\Corley\AppData\Local\Zemana 2018-03-15 14:05 - 2018-03-15 14:06 - 006625600 _____ (Zemana Ltd. ) C:\Users\Corley\Downloads\Zemana.AntiMalware.Setup.exe 2018-03-15 13:24 - 2018-03-17 11:40 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-03-15 13:24 - 2018-03-17 11:31 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-03-15 13:23 - 2018-03-17 11:31 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-03-15 13:23 - 2018-03-15 13:23 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-03-15 13:23 - 2018-03-15 13:23 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-03-15 13:23 - 2018-03-15 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-03-15 13:23 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2018-03-15 13:20 - 2018-03-15 13:21 - 069748432 _____ (Malwarebytes ) C:\Users\Corley\Downloads\Unconfirmed 793148.crdownload 2018-03-15 13:10 - 2018-03-15 13:11 - 069748432 _____ (Malwarebytes ) C:\Users\Corley\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4352.exe 2018-03-15 12:57 - 2018-03-15 12:57 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2018-03-15 12:46 - 2018-03-15 12:58 - 000000000 ____D C:\ProgramData\HitmanPro 2018-03-15 12:45 - 2018-03-15 12:45 - 011605440 _____ (SurfRight B.V.) C:\Users\Corley\Downloads\hitmanpro_x64.exe 2018-03-15 12:09 - 2018-03-16 14:30 - 000000000 ____D C:\AdwCleaner 2018-03-15 12:03 - 2018-03-15 12:03 - 008222496 _____ (Malwarebytes) C:\Users\Corley\Downloads\adwcleaner_7.0.8.0 (1).exe 2018-03-15 12:02 - 2018-03-15 12:02 - 008222496 _____ (Malwarebytes) C:\Users\Corley\Downloads\adwcleaner_7.0.8.0.exe 2018-03-15 06:50 - 2018-03-15 06:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2018-03-15 06:50 - 2018-03-15 06:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2018-03-15 06:50 - 2018-03-15 06:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2018-03-15 06:50 - 2018-03-15 06:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2018-03-15 00:12 - 2018-03-15 00:12 - 004070755 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-15T00_12_10-05_00.zip 2018-03-14 14:35 - 2018-03-14 14:35 - 000071790 _____ C:\Users\Corley\Downloads\hashtags (2).xlsx 2018-03-14 14:34 - 2018-03-14 14:34 - 000029865 _____ C:\Users\Corley\Downloads\hashtags.xlsx.ods 2018-03-14 14:32 - 2018-03-14 14:32 - 000000891 _____ C:\Users\Corley\Downloads\hashtags.xlsx - Makeup - special Effect.csv 2018-03-14 14:30 - 2018-03-14 14:30 - 000071784 _____ C:\Users\Corley\Downloads\hashtags (1).xlsx 2018-03-14 13:50 - 2018-03-14 13:51 - 000000000 ____D C:\Users\Corley\AppData\Local\PlaceholderTileLogoFolder 2018-03-14 13:47 - 2018-03-14 13:47 - 000084285 _____ C:\Users\Corley\Downloads\hashtags.xlsx 2018-03-14 13:24 - 2018-03-14 13:24 - 004117940 _____ C:\Users\Corley\Downloads\engaged_Instagram_2017.pdf 2018-03-14 10:47 - 2018-03-01 22:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2018-03-14 10:47 - 2018-03-01 02:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2018-03-14 10:47 - 2018-03-01 02:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2018-03-14 10:47 - 2018-03-01 02:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2018-03-14 10:47 - 2018-03-01 02:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-03-14 10:47 - 2018-03-01 02:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2018-03-14 10:47 - 2018-03-01 02:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2018-03-14 10:47 - 2018-03-01 02:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2018-03-14 10:47 - 2018-03-01 02:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2018-03-14 10:47 - 2018-03-01 02:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2018-03-14 10:47 - 2018-03-01 02:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-03-14 10:47 - 2018-03-01 02:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2018-03-14 10:47 - 2018-03-01 02:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-03-14 10:47 - 2018-03-01 02:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2018-03-14 10:47 - 2018-03-01 02:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2018-03-14 10:47 - 2018-03-01 02:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2018-03-14 10:47 - 2018-03-01 02:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2018-03-14 10:47 - 2018-03-01 02:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2018-03-14 10:47 - 2018-03-01 02:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2018-03-14 10:47 - 2018-03-01 02:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2018-03-14 10:47 - 2018-03-01 01:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2018-03-14 10:47 - 2018-03-01 01:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2018-03-14 10:47 - 2018-03-01 01:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2018-03-14 10:47 - 2018-03-01 01:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2018-03-14 10:47 - 2018-03-01 01:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-03-14 10:47 - 2018-03-01 01:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-03-14 10:47 - 2018-03-01 01:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2018-03-14 10:47 - 2018-03-01 01:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2018-03-14 10:47 - 2018-03-01 01:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-03-14 10:47 - 2018-03-01 01:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2018-03-14 10:47 - 2018-03-01 01:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2018-03-14 10:47 - 2018-03-01 01:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-03-14 10:47 - 2018-03-01 01:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll 2018-03-14 10:47 - 2018-03-01 01:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-03-14 10:47 - 2018-03-01 01:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll 2018-03-14 10:47 - 2018-03-01 01:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2018-03-14 10:47 - 2018-03-01 01:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-03-14 10:47 - 2018-03-01 01:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-03-14 10:47 - 2018-03-01 01:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-03-14 10:47 - 2018-03-01 00:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2018-03-14 10:47 - 2018-03-01 00:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-03-14 10:47 - 2018-03-01 00:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2018-03-14 10:47 - 2018-03-01 00:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-03-14 10:47 - 2018-03-01 00:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-03-14 10:47 - 2018-03-01 00:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2018-03-14 10:47 - 2018-03-01 00:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll 2018-03-14 10:47 - 2018-03-01 00:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-03-14 10:47 - 2018-03-01 00:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2018-03-14 10:47 - 2018-03-01 00:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2018-03-14 10:47 - 2018-03-01 00:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-03-14 10:47 - 2018-03-01 00:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll 2018-03-14 10:47 - 2018-03-01 00:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-03-14 10:47 - 2018-03-01 00:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-03-14 10:47 - 2018-03-01 00:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2018-03-14 10:47 - 2018-03-01 00:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-03-14 10:47 - 2018-03-01 00:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-03-14 10:47 - 2018-03-01 00:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-03-14 10:47 - 2018-03-01 00:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2018-03-14 10:47 - 2018-03-01 00:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2018-03-14 10:47 - 2018-03-01 00:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-03-14 10:47 - 2018-03-01 00:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2018-03-14 10:47 - 2018-03-01 00:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-03-14 10:47 - 2018-03-01 00:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2018-03-14 10:47 - 2018-03-01 00:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll 2018-03-14 10:47 - 2018-03-01 00:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-03-14 10:47 - 2018-03-01 00:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-03-14 10:47 - 2018-03-01 00:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-03-14 10:47 - 2018-03-01 00:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-03-14 10:47 - 2018-03-01 00:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-03-14 10:47 - 2018-03-01 00:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-03-14 10:47 - 2018-03-01 00:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-03-14 10:47 - 2018-03-01 00:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2018-03-14 10:47 - 2018-03-01 00:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2018-03-14 10:47 - 2018-03-01 00:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2018-03-14 10:47 - 2018-03-01 00:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2018-03-14 10:47 - 2018-03-01 00:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll 2018-03-14 10:47 - 2018-03-01 00:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2018-03-14 10:47 - 2018-03-01 00:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2018-03-14 10:47 - 2018-03-01 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe 2018-03-14 10:47 - 2018-02-21 21:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2018-03-14 10:47 - 2018-02-21 21:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-03-14 10:47 - 2018-02-21 21:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys 2018-03-14 10:47 - 2018-02-21 21:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2018-03-14 10:47 - 2018-02-21 21:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2018-03-14 10:47 - 2018-02-21 21:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-03-14 10:47 - 2018-02-21 21:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2018-03-14 10:47 - 2018-02-21 21:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2018-03-14 10:47 - 2018-02-21 21:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2018-03-14 10:47 - 2018-02-21 21:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys 2018-03-14 10:47 - 2018-02-21 21:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2018-03-14 10:47 - 2018-02-21 20:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2018-03-14 10:47 - 2018-02-21 20:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2018-03-14 10:47 - 2018-02-21 20:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2018-03-14 10:47 - 2018-02-21 20:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2018-03-14 10:47 - 2018-02-21 20:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-03-14 10:47 - 2018-02-21 19:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2018-03-14 10:47 - 2018-02-21 19:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys 2018-03-14 10:47 - 2018-02-21 19:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys 2018-03-14 10:47 - 2018-02-21 19:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2018-03-14 10:47 - 2018-02-21 19:26 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2018-03-14 10:46 - 2018-03-01 22:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll 2018-03-14 10:46 - 2018-03-01 22:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-03-14 10:46 - 2018-03-01 22:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll 2018-03-14 10:46 - 2018-03-01 22:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll 2018-03-14 10:46 - 2018-03-01 22:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll 2018-03-14 10:46 - 2018-03-01 21:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe 2018-03-14 10:46 - 2018-03-01 15:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll 2018-03-14 10:46 - 2018-03-01 02:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2018-03-14 10:46 - 2018-03-01 02:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2018-03-14 10:46 - 2018-03-01 02:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2018-03-14 10:46 - 2018-03-01 02:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2018-03-14 10:46 - 2018-03-01 02:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2018-03-14 10:46 - 2018-03-01 02:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2018-03-14 10:46 - 2018-03-01 02:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2018-03-14 10:46 - 2018-03-01 02:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2018-03-14 10:46 - 2018-03-01 02:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2018-03-14 10:46 - 2018-03-01 02:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2018-03-14 10:46 - 2018-03-01 02:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2018-03-14 10:46 - 2018-03-01 02:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2018-03-14 10:46 - 2018-03-01 02:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2018-03-14 10:46 - 2018-03-01 02:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-03-14 10:46 - 2018-03-01 02:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2018-03-14 10:46 - 2018-03-01 02:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-03-14 10:46 - 2018-03-01 02:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2018-03-14 10:46 - 2018-03-01 02:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll 2018-03-14 10:46 - 2018-03-01 02:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2018-03-14 10:46 - 2018-03-01 02:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-03-14 10:46 - 2018-03-01 02:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2018-03-14 10:46 - 2018-03-01 02:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2018-03-14 10:46 - 2018-03-01 02:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys 2018-03-14 10:46 - 2018-03-01 01:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2018-03-14 10:46 - 2018-03-01 01:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-03-14 10:46 - 2018-03-01 01:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2018-03-14 10:46 - 2018-03-01 01:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2018-03-14 10:46 - 2018-03-01 01:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll 2018-03-14 10:46 - 2018-03-01 01:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2018-03-14 10:46 - 2018-03-01 01:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2018-03-14 10:46 - 2018-03-01 00:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll 2018-03-14 10:46 - 2018-03-01 00:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll 2018-03-14 10:46 - 2018-03-01 00:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2018-03-14 10:46 - 2018-03-01 00:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-03-14 10:46 - 2018-03-01 00:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-03-14 10:46 - 2018-03-01 00:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-03-14 10:46 - 2018-03-01 00:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-03-14 10:46 - 2018-03-01 00:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-03-14 10:46 - 2018-03-01 00:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll 2018-03-14 10:46 - 2018-03-01 00:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2018-03-14 10:46 - 2018-03-01 00:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2018-03-14 10:46 - 2018-03-01 00:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2018-03-14 10:46 - 2018-03-01 00:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2018-03-14 10:46 - 2018-03-01 00:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll 2018-03-14 10:46 - 2018-03-01 00:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-03-14 10:46 - 2018-03-01 00:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2018-03-14 10:46 - 2018-03-01 00:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2018-03-14 10:46 - 2018-03-01 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2018-03-14 10:46 - 2018-03-01 00:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys 2018-03-14 10:46 - 2018-03-01 00:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-03-14 10:46 - 2018-03-01 00:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll 2018-03-14 10:46 - 2018-03-01 00:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2018-03-14 10:46 - 2018-03-01 00:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll 2018-03-14 10:46 - 2018-03-01 00:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll 2018-03-14 10:46 - 2018-03-01 00:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2018-03-14 10:46 - 2018-03-01 00:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll 2018-03-14 10:46 - 2018-03-01 00:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2018-03-14 10:46 - 2018-03-01 00:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2018-03-14 10:46 - 2018-03-01 00:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2018-03-14 10:46 - 2018-03-01 00:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2018-03-14 10:46 - 2018-03-01 00:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll 2018-03-14 10:46 - 2018-03-01 00:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2018-03-14 10:46 - 2018-03-01 00:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll 2018-03-14 10:46 - 2018-02-21 21:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-03-14 10:46 - 2018-02-21 21:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-03-14 10:46 - 2018-02-21 21:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-03-14 10:46 - 2018-02-21 21:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-03-14 10:46 - 2018-02-21 21:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys 2018-03-14 10:46 - 2018-02-21 20:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2018-03-14 10:46 - 2018-02-21 20:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2018-03-14 10:46 - 2018-02-21 20:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-03-14 10:46 - 2018-02-21 19:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys 2018-03-14 10:46 - 2018-02-21 19:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2018-03-14 10:46 - 2018-02-21 19:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2018-03-14 10:46 - 2018-02-21 19:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2018-03-14 10:46 - 2018-02-21 19:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2018-03-13 23:54 - 2018-03-13 23:54 - 004447928 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-13T23_54_42-05_00.zip 2018-03-12 18:19 - 2018-03-12 18:19 - 005645451 _____ C:\Users\Corley\Downloads\Book 7 (1).pdf 2018-03-12 18:18 - 2018-03-12 18:18 - 000848994 _____ C:\Users\Corley\Downloads\Book 7.pdf 2018-03-12 13:52 - 2018-03-12 18:22 - 000000000 ____D C:\Users\Corley\Documents\JARED 2018-03-12 13:40 - 2018-03-12 13:40 - 028614079 _____ C:\Users\Corley\Downloads\Copy of Book 7 PROOF.pdf 2018-03-11 22:40 - 2018-03-11 22:40 - 004006817 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-11T22_40_56-05_00.zip 2018-03-11 16:33 - 2018-03-11 16:34 - 000102527 _____ C:\Users\Corley\Downloads\InSearchofSheila-Ultimate-Hashtag-Library (1).pdf 2018-03-11 16:08 - 2018-03-11 16:08 - 000341453 _____ C:\Users\Corley\Downloads\Haute-Hashtags-by-HerPaperRoute.zip 2018-03-11 16:06 - 2018-03-11 16:06 - 000737520 _____ C:\Users\Corley\Downloads\The_2018_Strategy-Guide.pdf 2018-03-11 11:24 - 2018-03-11 11:24 - 004887941 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-11T11_24_07-05_00.zip 2018-03-11 10:43 - 2018-03-11 10:43 - 000102527 _____ C:\Users\Corley\Downloads\InSearchofSheila-Ultimate-Hashtag-Library.pdf 2018-03-08 07:26 - 2018-03-08 07:26 - 009837379 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-08T06_26_15-06_00.zip 2018-03-07 11:49 - 2018-03-07 11:49 - 000000000 ____D C:\Users\Corley\Documents\ETSY 2018-03-06 12:24 - 2018-03-14 13:53 - 000000000 ____D C:\Users\Corley\Documents\LITTLEJARSOFOLIVES 2018-03-05 13:37 - 2018-03-05 13:37 - 001933158 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-03-05T12_37_52-06_00.zip 2018-02-28 14:57 - 2018-02-28 14:57 - 000051817 _____ C:\Users\Corley\Downloads\Write_Captions_that_Convert.pdf 2018-02-28 14:57 - 2018-02-28 14:57 - 000051817 _____ C:\Users\Corley\Downloads\Write_Captions_that_Convert (1).pdf 2018-02-28 14:27 - 2018-02-28 14:27 - 001396059 _____ C:\Users\Corley\Downloads\Your_Guide_To_Building_a_Social_Media_Strategy_-_The_Socialite_Media-ilovepdf-compressed.pdf 2018-02-23 18:10 - 2018-03-09 17:29 - 000014760 _____ C:\Users\Corley\Downloads\steaokout6.odt 2018-02-23 12:07 - 2018-02-23 12:07 - 000988352 _____ C:\Users\Corley\Downloads\keepvid-pro-desktop_setup_full2957.exe 2018-02-22 15:09 - 2018-02-22 15:09 - 000028008 _____ C:\Users\Corley\Downloads\123 Anywhere St.,Any City, State, Country 12345123-456-7890hello@reallygreatsite.com.pdf 2018-02-22 11:20 - 2018-02-22 11:20 - 000456306 _____ C:\Users\Corley\Downloads\file-21 (1).jpeg 2018-02-22 11:20 - 2018-02-22 11:20 - 000385809 _____ C:\Users\Corley\Downloads\file-22 (1).jpeg 2018-02-22 11:20 - 2018-02-22 11:20 - 000299871 _____ C:\Users\Corley\Downloads\file-20 (1).jpeg 2018-02-22 11:19 - 2018-02-22 11:19 - 000480944 _____ C:\Users\Corley\Downloads\file-19 (1).jpeg 2018-02-22 11:18 - 2018-02-22 11:18 - 001122531 _____ C:\Users\Corley\Downloads\file-18 (1).jpeg 2018-02-22 11:18 - 2018-02-22 11:18 - 000563974 _____ C:\Users\Corley\Downloads\file-17 (1).jpeg 2018-02-22 11:18 - 2018-02-22 11:18 - 000360525 _____ C:\Users\Corley\Downloads\file-16 (1).jpeg 2018-02-22 11:17 - 2018-02-22 11:17 - 000828752 _____ C:\Users\Corley\Downloads\file-14 (1).jpeg 2018-02-22 11:17 - 2018-02-22 11:17 - 000811011 _____ C:\Users\Corley\Downloads\file-15 (1).jpeg 2018-02-22 11:17 - 2018-02-22 11:17 - 000694914 _____ C:\Users\Corley\Downloads\file-13 (1).jpeg 2018-02-22 11:16 - 2018-02-22 11:16 - 000697955 _____ C:\Users\Corley\Downloads\file-12 (1).jpeg 2018-02-22 11:16 - 2018-02-22 11:16 - 000693613 _____ C:\Users\Corley\Downloads\file-11 (2).jpeg 2018-02-22 11:15 - 2018-02-22 11:15 - 000624142 _____ C:\Users\Corley\Downloads\file-10 (1).jpeg 2018-02-22 11:15 - 2018-02-22 11:15 - 000609827 _____ C:\Users\Corley\Downloads\file-9 (1).jpeg 2018-02-22 11:14 - 2018-02-22 11:14 - 000653622 _____ C:\Users\Corley\Downloads\file-8 (1).jpeg 2018-02-22 11:14 - 2018-02-22 11:14 - 000279805 _____ C:\Users\Corley\Downloads\file-7 (1).jpeg 2018-02-22 11:13 - 2018-02-22 11:13 - 000515574 _____ C:\Users\Corley\Downloads\file-6 (1).jpeg 2018-02-22 11:13 - 2018-02-22 11:13 - 000379550 _____ C:\Users\Corley\Downloads\file-4 (1).jpeg 2018-02-22 11:13 - 2018-02-22 11:13 - 000311854 _____ C:\Users\Corley\Downloads\file-5 (1).jpeg 2018-02-22 11:12 - 2018-02-22 11:12 - 000396485 _____ C:\Users\Corley\Downloads\file-2 (1).jpeg 2018-02-22 11:12 - 2018-02-22 11:12 - 000312794 _____ C:\Users\Corley\Downloads\file-3 (1).jpeg 2018-02-22 11:11 - 2018-02-22 11:11 - 000437946 _____ C:\Users\Corley\Downloads\file-1 (2).jpeg 2018-02-22 11:11 - 2018-02-22 11:11 - 000397767 _____ C:\Users\Corley\Downloads\file (3).jpeg 2018-02-22 11:09 - 2018-02-22 11:09 - 000397767 _____ C:\Users\Corley\Downloads\file (2).jpeg 2018-02-21 09:40 - 2018-03-13 14:39 - 000000000 ____D C:\Users\Corley\Documents\PAMELIA 2018-02-18 23:16 - 2018-02-18 23:16 - 003698270 _____ C:\Users\Corley\Downloads\emmalitarosa-2018-02-18T22_16_52-06_00.zip 2018-02-17 01:29 - 2018-03-01 13:05 - 000000000 ____D C:\WINDOWS\Minidump 2018-02-15 15:02 - 2018-02-15 15:02 - 000637688 _____ C:\Users\Corley\Downloads\raisamrn-2018-02-15T14_02_46-06_00.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-17 11:38 - 2016-11-17 08:01 - 000565654 _____ C:\WINDOWS\system32\InstallUtil.InstallLog 2018-03-17 11:33 - 2017-09-30 15:58 - 000000000 ____D C:\Program Files (x86)\Steam 2018-03-17 11:33 - 2016-01-10 03:41 - 000000000 ___RD C:\Users\Corley\OneDrive 2018-03-17 11:32 - 2017-09-29 08:44 - 000000000 ____D C:\WINDOWS\INF 2018-03-17 11:31 - 2017-11-30 22:05 - 000000000 ____D C:\Users\Corley 2018-03-17 11:31 - 2017-10-08 14:45 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2018-03-17 11:30 - 2017-11-30 22:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-03-17 11:30 - 2017-11-30 22:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-03-17 10:56 - 2017-09-29 08:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-03-17 10:56 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-03-17 10:55 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-03-17 10:52 - 2017-11-30 22:37 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D65D895-1BE6-4D96-8A8A-8D0F469BF83A} 2018-03-17 01:19 - 2017-11-30 22:05 - 000000000 ____D C:\Users\Corley\AppData\Local\Packages 2018-03-16 14:24 - 2016-05-04 19:27 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-03-16 13:04 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\rescache 2018-03-16 10:13 - 2017-11-30 22:25 - 001479180 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-03-16 01:01 - 2017-09-29 03:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-03-16 01:00 - 2017-06-01 20:33 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2018-03-16 00:01 - 2017-11-14 13:59 - 000000000 ____D C:\ProgramData\ON1 2018-03-15 21:12 - 2017-11-14 14:00 - 000000000 ____D C:\Users\Corley\AppData\Roaming\ON1 2018-03-15 21:01 - 2018-01-29 17:37 - 000000000 ____D C:\Users\Corley\AppData\Local\osu! 2018-03-15 20:59 - 2017-09-30 16:03 - 000000000 ____D C:\Users\Corley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2018-03-15 17:32 - 2017-11-17 18:19 - 000000000 ____D C:\Users\Corley\AppData\Local\Battle.net 2018-03-15 17:32 - 2017-10-16 17:32 - 000000000 ____D C:\Program Files (x86)\Battle.net 2018-03-15 13:12 - 2016-10-18 17:08 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-15 12:32 - 2016-04-28 12:50 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-03-15 12:32 - 2016-04-28 12:50 - 000002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-03-14 23:15 - 2017-11-30 23:09 - 000000000 ___RD C:\Users\Corley\3D Objects 2018-03-14 23:15 - 2015-07-16 10:49 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-03-14 23:13 - 2017-11-30 21:59 - 000365904 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-03-14 23:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\TextInput 2018-03-14 23:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2018-03-14 23:11 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2018-03-14 13:54 - 2017-09-29 08:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-03-14 13:48 - 2016-01-11 13:39 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-03-14 13:45 - 2017-10-10 16:11 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-03-14 13:45 - 2016-01-11 13:39 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-03-14 12:16 - 2017-09-29 03:45 - 000008192 _____ C:\WINDOWS\system32\config\ELAM 2018-03-14 10:49 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-03-14 10:49 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2018-03-12 22:39 - 2016-01-09 13:11 - 000000000 ____D C:\Program Files (x86)\McAfee 2018-03-11 10:45 - 2017-11-26 18:37 - 000000000 ____D C:\Users\Corley\Downloads\SOCIAL MANAGER 2018-03-07 16:49 - 2017-11-30 22:37 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1307472328-3275292372-1442106660-1001 2018-03-07 16:49 - 2016-01-10 03:41 - 000002377 _____ C:\Users\Corley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-03-02 16:09 - 2017-09-29 08:49 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-03-02 16:09 - 2017-09-29 08:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2018-03-02 08:40 - 2017-10-05 10:59 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll 2018-03-02 08:40 - 2017-10-05 10:59 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll 2018-03-02 08:40 - 2017-10-05 10:59 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe 2018-03-01 08:19 - 2016-01-09 13:11 - 000000000 ____D C:\Program Files\Common Files\McAfee 2018-03-01 08:18 - 2017-11-30 22:37 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2018-03-01 08:18 - 2017-11-30 22:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2018-03-01 08:17 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-03-01 08:16 - 2015-09-01 20:08 - 000000000 ____D C:\ProgramData\McAfee 2018-02-28 09:04 - 2017-11-30 22:37 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) 2018-02-27 21:09 - 2017-11-17 18:20 - 000000000 ____D C:\Program Files (x86)\Overwatch 2018-02-26 21:03 - 2017-11-30 22:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-02-24 12:19 - 2016-08-17 13:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======= 2016-09-21 12:56 - 2016-09-21 13:15 - 000001456 _____ () C:\Users\Corley\AppData\Local\Adobe Save for Web 13.0 Prefs 2017-11-14 12:04 - 2017-11-14 12:04 - 000000883 _____ () C:\Users\Corley\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2018-03-15 13:43 - 2018-03-15 12:45 - 011605440 _____ (SurfRight B.V.) C:\Users\Corley\AppData\Local\Temp\HitmanPro.exe 2018-03-16 00:02 - 2017-03-13 13:46 - 001600592 _____ (ON1, Inc.) C:\Users\Corley\AppData\Local\Temp\ON1Wait.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-03-12 19:16 ==================== End of FRST.txt ============================
  7. Thank you for explaining this to me... I've seen various levels of explanations on many sites (and Malwarebytes blocked a LOT of the sites) when I was trying to research - or so I thought.... Although tempted, I have not downloaded any other software to combat this, I am very careful about what I download which is why I'm puzzled how this PUP got into my system in the first place... I don't even use Extensions on Chrome or Edge and obviously keep everything updated. When I click on the tutorial in this post I am linked back to this post, could you provide me the link for the tutorial? Again I am a complete novice which is also why I'm panicking. I didn't know if it's something to worry about or not since Malwarebytes didn't find it but Malwarebytes Adwcleaner did.... but my computer is showing the same symptoms as browser pop ups with threats of keylogging, changing the homepage, altering the search provider, including my computer restarting on its own several times a day at different times of the day. I appreciate you both taking the time to help me.
  8. I appreciate your help. I am experiencing all of this: When infected with PUP.Optional.Legacy the common symptoms include: Advertising banners are injected with the web pages that you are visiting. Random web page text is turned into hyperlinks. Browser popups appear which recommend fake updates or other software. Other unwanted adware programs might get installed without the user’s knowledge. Changing the web browser’s default home page Changing the browser’s search provider and built-in search box I don't know if there's truth to this, but reading this has me EXTREMELY concerned: pup.optional.legacy is a dangerous Trojan horse which completely destroys the PC from inside. This notorious computer virus also destroys many important files from the deep folders of the system. This Trojan makes the system unstable by penetrating the core settings of the computer. This virus is designed to completely harm the system and destroy every aspect of the computer. pup.optional.legacy starts to delete and modify crucial system files. These files are very necessary for the system to run properly. The virus also disables many important programs from the system. These programs are the core programs which aid in running other programs on the computer. pup.optional.legacy carries out numerous illegal operations on the computer. These processes are running in the background, so the user don’t know about them. The processes are very heavy and they consume a lot of CPU resources. They also eat up high memory from the computer system. This results in an awfully slow computer system. pup.optional.legacy brings a whole lot of malicious applications with it. Compromising the security of the computer, this Trojan installs malicious components on the affected computer. It also lowers down the security of the computer by affecting the security settings of the computer. This malicious Trojan also makes it easy for the remote hackers gang to hack into your computer. pup.optional.legacy creates a backdoor on the computer for remote hackers. These hackers can get inside of your computer without your permission. They will have full control over your computer. These crooks will also be able to access sensitive data that is stored on your computer. They can make copies of personal photographs and sell these copies to third parties on the internet. These people can misuse your photographs in any way that suits them. These hackers will try to know the online behavior of the victim. They will try to locate the search queries performed by the user of the computer. They will also try to know the sites visited by the user. This data is combined to know the online preferences and choices of the victim of this software. Experts recommend to remove pup.optional.legacy from the affected computer without any doubt. pup.optional.legacy is a malicious Trojan virus which often attacks remote computers. This virus is designed by cyber copes with the intention of damaging the system brutally. It opens backdoors for remote attackers to provide access on user’s computer. It may put system at high risks and corrupt essential files and data in multiple ways. Criminals bounds users to open or download its infectious files. It’s quite difficult to detect Trojan virus though it continuously changes its location inside system. Mostly, pup.optional.legacy attack on almost every version of Windows computer. In addition, it replicates itself to go deep inside the system. So that, it can conveniently perform vulnerable activities on the system. Unfortunately, this virus lurks into the system using some form of social engineering. For example – when users open any suspicious email attachment, visiting phishing sites, downloading freeware from unknown site, sharing file over infected network etc. It hampers computer to perform evil tasks without user’s knowledge. Further, it modifies registry entry and default setting of system. Once getting control over system, pup.optional.legacy exhibits unavoidable behavior. It recommends fake update of already installed programs or software in system. Even, it slows down system processing and interrupts normal functionality of PC including disable task manager, control panel, firewalls etc. It leaves bad impact on web browsers like Chrome/IE/Firefox to accomplish illegal tasks. For this, it alters default setting to redirect users to unknown sites. Moreover, it replaces original homepage and new tab with its fake one. What worse about this virus is that it will cause system crashes after some random freezes taking place. pup.optional.legacy additionally install unwanted browser add-ons and plugins into browsers. Further it comes along with other severe threats to put system at worst situation. Other than its annoying behavior, it monitors online activities of users such as browsing history, session ids, bookmarks, search queries, cookies etc. Then onwards, gather all credential and personal information to perform cyber crime and earn money.
  9. Removing this will not fix the problems I'm experiencing?
  10. Thank you for replying, I personally have never installed the software. Could it have been preinstalled? My search engine changes quite often, I occasionally get notices when starting Microsoft Edge that claim keylogging my bank account with what I presume is a fake Microsoft number to call - I start the Task Manager to end the browser process when this happens - I don't know if "legacy" is causing this to happen also my computer will turn off several times a day without warning and restart... Malwarebytes Premium hasn't found anything so I don't know if it's tied to "legacy" or not.
  11. I have the Premium Trial of Malwarebytes and it did not find the PUP.Optional.Legacy infection in my Registry that AdwCleaner found.... I am confused why Malwarebytes did not recognize it? I'm even more perplexed as to what to do about it... I'm not tech savvy and I don't want to remove a registry file that is needed for my computer to run properly... Legacy (I presume) is causing occasional havoc on my computer and would obviously like for Legacy to be removed before any more damage is done. I'm GRATEFUL for any help! # AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 19:30:19 2018 # Updated on 2018/08/02 by Malwarebytes # Database: 2018-03-14.3 # Running on Windows 10 Home (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474} ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [1006 B] - [2018/3/15 17:11:51] C:/AdwCleaner/AdwCleaner[S1].txt - [1074 B] - [2018/3/15 18:4:42] C:/AdwCleaner/AdwCleaner[S2].txt - [1141 B] - [2018/3/15 20:29:46] C:/AdwCleaner/AdwCleaner[S3].txt - [1209 B] - [2018/3/16 5:28:52] C:/AdwCleaner/AdwCleaner[S4].txt - [1276 B] - [2018/3/16 19:23:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.